
V6.0.0.52 question


woodsman

Hi,

Having difficulty getting this to install, probably something I am doing wrong.

Win 7 64 bit running in virtual XP mode, Service Pack 3. I need this for the XP mode and it says there is a problem with the download, unverified publisher, so I just accept it anyhow and then it appears to install, then disappears. Cannot find where it went. Hmmm

The first several times upon install it gave a message that the download was corrupted please try another download.

I don't know. I do have an SSD if that makes any difference. I know I had a problem with the Win 7 operating system on this computer for a while with V6.0 but it cleared up. I assumed it was an SSD issue and must have been resolved.

Thanks for any tips.

Link to comment

OK sorry, you mean Emsisoft Anti-Malware... I had it in the non-XP normal Win 7 mode but it was not running, it was not the primary at the moment, I was just trying it.

However, the virtual mode needs its own AV and I was attempting to install it there.

My AV would flag a wicked malware every time I downloaded the EAM in normal mode and it scared me so I uninstalled the EAM. It would get in the IE temp internet files and unpack itself and I had a heck of a time. I cannot tell you what it was but it happened on 2 attempted EAM downloads and I uninstalled the original AV I had and lost the name of the malware.

After the first EAM download the MSE flagged a malware and then I scanned with EAM and it picked out 4 more of a similar name.

The MSE flagged another malware during the 2nd EAM download and I aborted the download.

MSE is gone now in favor of Kaspersky in standard Win 7 mode. Still have MSE in virtual XP mode.

Maybe nothing to do with EAM but the only activity I ever have is when I am installing EAM or shortly thereafter during times I am not doing scans.

Thanks

Link to comment

Hello woodsman,

can you please download this tool from here:

http://tmp.emsisoft....w/emsiclean.exe

The purpose should be to find out if there may be a leftover from your first EAM installation.

(Please try it in Win 7 and Virtual XP mode if possible, but be careful: you don't need to delete anything with this tool. Just start it and then close it again as described in the next few lines; we just need the log file which will be created.)

Please run it, carefully read the disclaimer and accept it in case you agree. You should then see a list of entries the tool found on your system. At this point do not click remove yet but close the application instead. A report file (EmsiClean_XXXX.XX.XX_XX.XX.XX.txt where X is replaced by values corresponding to the current date and time) should be generated at this point. Please attach that file to your next reply. The file attachment options can be found after clicking the "More Reply Options" here in the forum.

I also found an article from Microsoft describing some issues that may appear when the hardware of the system doesn't fit exactly.

You may also want to check by reading this short article -> Before you begin

(There is also a tool you can download to check if your hardware fits)

Are you using Windows 7 Professional, Enterprise, Ultimate or something else?

If you consider it possible that there could be malware on your computer, you can also download the Emsisoft Emergency Kit and scan your computer to be sure.

This is possible without installing anything on your system with the included scanner.

(Please just use the scanner of the EEK - the tool BlitzBlank for example could be harmful if used in the wrong way)

I hope we will find a solution soon.

Link to comment

Thank you Thomas

I ran it and it did bring up a square screen that had a checked box in the column labeled object: Emsisoft Anti-malware Configuration and in the column labeled type it said: Registry. I then closed but didn't remove and no txt file can be found that was to be generated. I search emsiclean and all that comes up is the exe that I just downloaded and ran. I search emsisoft and no txt comes up from this year.

In XP mode same thing, no txt, but it said No traces found of emsisoft or mamutu.

It is an almost new i7 Win 7 Pro setup. XP mode works perfect so far.

I am going to try 1 more time to download this time in win 7 mode and see if my anti virus goes off, if so I will report. If all goes well I will try to download in XP mode again.

Thanks

Link to comment

I downloaded emsisoft 6.0 in XP mode and it worked this time. Great. Then it said Free trial has already been used on this computer enter license key.

At this point I un-installed it and decided to forget it. Tired of dealing with it in XP mode.

Went to Win 7 mode and downloaded it and turned off all real time protection because I now have a pretty decent virus scanner in real time that I am happy with.

I still would like to keep emsisoft 6.0 to scan manually and I appreciate your help and concern. It says trial mode is half over.

I will not rule out that at some point in the future I may use emsisoft pay version in real time but I am going to use up the one I paid for first. It has not let me down yet.

Thanks.

Link to comment

OK I did a scan and this showed up. MSE and Kaspersky missed it and I was wondering if these may be something I need and why they showed up again. The 2nd report down from 12/24 caught the same or similar. Where would this stuff be coming from? I uninstalled Java on the 24th and reinstalled it. I don't go to suspect sites that I know of. Is this stuff embedded and unpacking periodically?

Thanks

I'll try the emergency kit if you think that I should.

Emsisoft Anti-Malware - Version 6.0

Last update: 1/11/2012 3:29:55 PM

Scan settings:

Scan type: Custom Scan

Objects: Rootkits, Memory, Traces, C:\, D:\, F:\

Scan archives: On

ADS Scan: On

Scan start: 1/11/2012 3:44:56 PM

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\lindsa.class detected: JAVA.Agent!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\rekona.class detected: JAVA.Agent!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\oplef.class detected: JAVA.Agent!E2

Scanned 581219

Found 3

Scan end: 1/11/2012 3:55:23 PM

Scan time: 0:10:27

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\lindsa.class Quarantined JAVA.Agent!E2

Quarantined 3

Oddly this is the quarantine log after the above scan, file not found... is this stuff renaming itself before the removal process?

Emsisoft Anti-Malware - Version 6.0

quarantine log

Date Source Event Behavior/Infection

1/11/2012 3:55:42 PM C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c File not found JAVA.Agent!E2

1/11/2012 3:55:41 PM C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c Moved to quarantine JAVA.Agent!E2

Emsisoft Anti-Malware - Version 6.0

Last update: 12/24/2011 1:09:20 PM

Scan settings:

Scan type: Custom Scan

Objects: Rootkits, Memory, Traces, Cookies, C:\, D:\, F:\

Scan archives: On

ADS Scan: On

Scan start: 12/24/2011 1:09:56 PM

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5b4d7281 -> xmltree\opkat.class detected: Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-17c92a03 -> xmltree\londa.class detected: Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-4e409829 -> notana.class detected: Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-15792209 -> notana.class detected: Exploit.Java.CVE!E2

C:\HP\Bin\EndProcess.exe detected: Riskware.Win32.KillApp!E1

Scanned 581470

Found 5

Scan end: 12/24/2011 1:16:27 PM

Scan time: 0:06:31

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5b4d7281 -> xmltree\opkat.class Quarantined Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-17c92a03 -> xmltree\londa.class Quarantined Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-4e409829 -> notana.class Quarantined Exploit.Java.CVE!E2

C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-15792209 -> notana.class Quarantined Exploit.Java.CVE!E2

Quarantined 4

Link to comment
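
An added example, not part of the thread and not Emsisoft code: a Python parser for the "detected:" lines of the two scan logs posted above, grouped by the file on disk so it is visible how many detections sit inside a single Java cache entry. The line layout is inferred from the lines shown in that post, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Detection lines copied from the two scan logs in the post above.
SCAN_LOG = r"""
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\lindsa.class detected: JAVA.Agent!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\rekona.class detected: JAVA.Agent!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-7e1a5e3c -> xmltree\oplef.class detected: JAVA.Agent!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5b4d7281 -> xmltree\opkat.class detected: Exploit.Java.CVE!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-17c92a03 -> xmltree\londa.class detected: Exploit.Java.CVE!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-4e409829 -> notana.class detected: Exploit.Java.CVE!E2
C:\Users\Joe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-15792209 -> notana.class detected: Exploit.Java.CVE!E2
C:\HP\Bin\EndProcess.exe detected: Riskware.Win32.KillApp!E1
"""

# Assumed layout: "<file> [-> <member inside the file>] detected: <name>"
LINE_RE = re.compile(
    r"^(?P<container>.+?)(?: -> (?P<member>.+?))? detected: (?P<name>\S+)$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_detections(log_text):
    """Return (file on disk, member inside it or None, detection name) tuples."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["container"], m["member"], m["name"]))
    return hits


def group_by_container(hits):
    """Map each file on disk to the (member, detection name) pairs found in it."""
    grouped = defaultdict(list)
    for container, member, name in hits:
        grouped[container].append((member, name))
    return dict(grouped)


def in_java_cache(container):
    """True when the file lives in the per-user Java deployment cache."""
    return JAVA_CACHE in container.lower()


if __name__ == "__main__":
    for path, found in group_by_container(parse_detections(SCAN_LOG)).items():
        where = "Java cache" if in_java_cache(path) else "other"
        print(f"[{where}] {path}: {len(found)} detection(s)")
```

On the posted logs, the three JAVA.Agent!E2 lines from 1/11/2012 all point at the same cache file, 375f92ff-7e1a5e3c.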

Noticed something interesting today, just like the last time I downloaded EAM, Microsoft Security Essentials has started picking up Exploit Java hi-risk malware again. 3 of them this time.

When I un-installed the EAM trial version the last time, a few weeks ago, all this exploit Java malware activity that was being detected occasionally by MSE stopped.

I am wondering if I un-install EAM trial version again if the malware activity MSE detects will stop again.

I scan manually with MSE, it is not running in real time.

Interesting..

Link to comment

Hello woodsman,

It is possible that the file you have found is a rootkit.

If you want, you can provide us with a quarantine list, so we can let our removal specialists have a look at it.

You can do it by opening the EAM main window, choose Quarantine on the left side, and save the quarantine file by clicking on the text "Save quarantine list" in the lower right corner. You can send this file over PM to me or just add it here in the forum by choosing the "More Reply Options" button in the lower right corner.

It could also be good to clear the java cache.

Maybe also the FileHippo Update Checker could be interesting for you.

Link to comment

hi.

please download file hippo:

http://www.filehippo.com/

after installation, click the tray icon (right click), settings, hide beta updates. ok.

as we can see in your quarantine log, you have visited a page using some exploits.

Exploit.Java.CVE, I cannot say what exploit, normally a number follows after CVE, but not in this detection.

this number normally shows what hole is used by the exploit. The file hippo program will help you to close known holes in programs like flash player, readers, java and so on.

the findings look like malware.

Link to comment

I did the filechecker and updates.

I appreciate the assistance on this. Not sure what to do now. I scan with 3 different AV that show clean most of the time so this must be a tough one.

Emsisoft picked up the most activity of all the AV programs. Nice job. I plan on purchasing the full version soon as I get my head above water here.

Thanks.

Link to comment

yes, the file hippo will run automated now and show you the fresh updates as soon as they have it in the database.

as I read in earlier posts, you have problems with AVs flagging emsisoft as malware, hope I read it correctly. do you still have this problem now? if yes, can you tell me your download source and the AV showing emsisoft as malware, so the emsi team can check your problem?

Link to comment

My backup scanner MSE is not flagging Emsisoft as malware but the same Java/deployment/6.0 stuff, 1 time yesterday or maybe it was the day before. After the EAM download 3 or 4 days ago, EAM picked up 3 or 4, then later MSE picked up 1. Kinda strange. I scan now with 2 or 3 different scanners daily out of curiosity and so far today all is good except the EAM Quarantine .dat file I copied to the desktop got flagged but I deleted that.

I didn't pick up anything for a month since I uninstalled the first EAM trial back in December, at which time I was showing Java/deployment/6.0 activity on EAM and MSE until I uninstalled EAM and it quieted down.

It almost appears EAM triggers it somehow because this activity started again with this new EAM trial download but it is probably coincidence.

I never hardly ever get any flagged and quarantined objects with MSE, just an occasional bad site that was stopped when I was using MSE in real-time when I am looking for parts or whatever for what I do. So any MSE activity is unusual for me. I stay away from the porno sites LOL

EAM seems to be pretty effective if in fact these objects that are getting quarantined are legit. EAM gets more of them.

Kaspersky is the real-time at the moment and so far has detected nothing during a scan except it has stopped 1 site from downloading in real-time.

I wish I understood more about how this stuff is unleashing itself in my PC at any given time.

File hippo says 6 beta downloads available, what exactly are beta? Test versions or early release?

Thanks.

Link to comment

hi,

yes, as I said, right click the symbol in systray, settings and uncheck beta updates.

click ok, after restart it should not load anymore.

yes. porn sites and streaming sites often try to infect your pc with malware, these exploits are loaded into the java cache. perhaps your java was updated and so it was not possible to exploit the hole the malware uses.

emsisoft has strong signatures, so it should detect more than mse, for example.

Link to comment

OK I see what to do with the betas to get rid of them.

I re-scanned for malware and all is good at the moment... but could this be something that is embedded and will come out again or should I assume it has been cleared?

I suspect that it will show up again within a few days. I am being real careful not to visit any unusual sites.

I will keep scanning daily.

Thanks

Link to comment

hi, emsisoft has no e-mail scanner, but this is no problem, if you start an e-mail attachment, emsisoft will check this.

windows firewall is ok.

if you stay away from porn and streaming sites, I mean such sites streaming current movies, I do not think you will get these java exploit alerts again.

can you tell me your browser, please?

Link to comment

Firefox 9 (mostly)

IE 9 (sometimes)

I don't go to porn sites, never did. I use the internet when I have questions and search, or I am searching parts.

I do watch YouTube videos sometimes.

I will stay away from live streaming.

Let us know when the email is ready. I am concerned about embedded pictures and animated gifs and similar things in incoming email.

Thanks.

Link to comment

This topic is now closed to further replies.